background image

Oracle Server X5-2 Security Guide

Part No: E48323-03

Copyright 

©

 2014, 2015, Oracle and/or its affiliates. All rights reserved.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except

as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform,

publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is

prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation,

delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental

regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the

hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous

applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all

appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this

software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of

SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered

trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are

not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement

between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content,

products, or services, except as set forth in an applicable agreement between you and Oracle.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit 

http://www.oracle.com/pls/topic/lookup?

ctx=acc&id=info

 or visit 

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs

 if you are hearing impaired.

Содержание netra X5-2

Страница 1: ...Oracle Server X5 2 Security Guide Part No E48323 03 May 2015 ...

Страница 2: ......

Страница 3: ...rmation management applications It is not developed or intended for use in any inherently dangerous applications including applications that may create a risk of personal injury If you use this software or hardware in dangerous applications then you shall be responsible to take all appropriate fail safe backup redundancy and other measures to ensure its safe use Oracle Corporation and its affiliat...

Страница 4: ...n des informations Ce logiciel ou matériel n est pas conçu ni n est destiné à être utilisé dans des applications à risque notamment dans des applications pouvant causer un risque de dommages corporels Si vous utilisez ce logiciel ou ce matériel dans le cadre d applications dangereuses il est de votre responsabilité de prendre toutes les mesures de secours de sauvegarde de redondance et autres mesu...

Страница 5: ... Security 12 Oracle Hardware Management Pack Security 14 Planning a Secure Environment 15 Password Protection 15 Operating System Security Guidelines 16 Network Switches and Ports 16 VLAN Security 17 InfiniBand Security 17 Maintaining a Secure Environment 19 Power Control 19 Asset Tracking 19 Updates for Software and Firmware 20 Network Security 20 Data Protection and Security 21 Log Maintenance 2...

Страница 6: ...6 Oracle Server X5 2 Security Guide May 2015 ...

Страница 7: ...n Change all default passwords when installing a new system Most types of equipment use default passwords such as changeme that are widely known and could allow unauthorized access to hardware or software Refer to the documentation that came with your software to enable any security features available for the software Install servers and related equipment in a locked restricted access room If equi...

Страница 8: ...lege levels for users Authorization Authorization allows administrators to control what tasks or privileges a user may perform or use Personnel can only perform the tasks and use the privileges that have been assigned to them Authorization refers to restrictions placed on personnel to work with hardware and software Allow personnel to work only with hardware and software that they are trained and ...

Страница 9: ...orded on cards modules and motherboards and can be used for inventory purposes To detect and track components provide a security mark on all significant items of computer hardware such as FRUs and CRUs Use special ultraviolet pens or embossed labels Keep hardware activation keys and licenses in a secure location that is easily accessible to the system administrator especially during system emergen...

Страница 10: ...10 Oracle Server X5 2 Security Guide May 2015 ...

Страница 11: ... com goto x86AdminDiag docs The following information describes security issues related to Oracle System Assistant Oracle System Assistant contains a bootable root environment Oracle System Assistant is an application that runs on a preinstalled internal USB flash drive Oracle System Assistant is built on top of a bootable Linux root environment Oracle System Assistant also provides the ability to...

Страница 12: ... the host operating system However if the security implications described above are unacceptable or if the tool is not needed Oracle System Assistant can be disabled After disabling Oracle System Assistant the USB storage device is no longer accessible to the host operating system and users will be unable to boot into Oracle System Assistant You can disable Oracle System Assistant from either the ...

Страница 13: ...s To protect your system from unwanted network intrusions do not establish a serial connection serial port to Oracle ILOM through any type of network redirection device such as a terminal server unless the server has sufficient access controls In addition certain Oracle ILOM functions such as password reset and the Preboot menu are only made available using the physical serial port Connecting the ...

Страница 14: ...s Oracle Hardware Management Pack itself does not contain an SNMP agent For Linux a module is added to the net snmp agent For Oracle Solaris a module is added to the Oracle Solaris Management Agent For Microsoft Windows the Plugin extends the native SNMP service Any security settings related to SNMP for the Oracle Hardware Management Pack are determined by the settings of the native SNMP agent or ...

Страница 15: ...quirements that pertain to your system and specific environment Password Protection Passwords are an important aspect of security since poorly chosen passwords could result in unauthorized access to company resources Implementing password management best practices ensures that users adhere to a set of guidelines for creating and protecting their passwords Typical components of a password policy sh...

Страница 16: ...ng system To find the Security Guide document for an Oracle operating system go to the Oracle operating system documentation library Operating System Link Oracle Solaris OS http www oracle com technetwork documentation solaris 11 192991 html Oracle Linux OS http www oracle com technetwork documentation ol 1 1861776 html Oracle VM http www oracle com technetwork documentation vm 096300 html For inf...

Страница 17: ...disables a specified MAC address from connecting to a switch MAC Learning uses the knowledge about each switch port s direct connections so that the network switch can set security based on current connections VLAN Security If you set up a virtual local area network VLAN remember that VLANs share bandwidth on a network and require additional security measures Separate sensitive clusters of systems...

Страница 18: ...and Security Note that partitioning does not protect an InfiniBand fabric Partitioning only offers InfiniBand traffic isolation between virtual machines on a host 18 Oracle Server X5 2 Security Guide May 2015 ...

Страница 19: ...ments that pertain to your system and specific environment Power Control You can use software to turn on and off power to some Oracle systems The power distribution units PDUs for some system cabinets can be enabled and disabled remotely Authorization for these commands is typically set up during system configuration and is usually limited to system administrators and service personnel Refer to yo...

Страница 20: ... and might require patches and firmware updates You can find software updates and security patches on the My Oracle Support web site at http support oracle com Network Security After the networks are configured based on security principles regular review and maintenance are needed Follow these guidelines to secure local and remote access to your systems Limit remote configuration to specific IP ad...

Страница 21: ...d remote access to a switch Use these services in very secure environments as they are secured by certificates and other forms of strong encryption to protect the channel Active Directory LDAP SSL Lightweight Directory Access Protocol Secure Socket Layer Use these services on private secure networks where there are no suspected malicious users RADIUS Remote Authentication Dial In User Service TACA...

Страница 22: ...s of such sensitivity that the only proper sanitation method is physical destruction of the hard drive by means of pulverization or incineration Organizations are strongly encouraged to refer to their data protection policies to determine the most appropriate method to sanitize hard drives Caution Disk wiping software might not be able to delete some data on modern hard drives especially solid sta...

Отзывы: